END-USER LICENSE AGREEMENT FOR VIRTUAL
POLICY BUILDER SOFTWARE-VIRTUAL WORKSPACE
IMPORTANT.

READ CAREFULLY: This End-User License Agreement
("EULA") is a legal agreement between you (either an
individual or a single entity) and the manufacturer ("PC
Manufacturer") of the computer system ("COMPUTER") with
which you acquired the Virtual Workspace software
product(s) identified above ("SOFTWARE PRODUCT" or
"SOFTWARE"). If the SOFTWARE PRODUCT is not
accompanied by a new computer system, you may not use
or copy the SOFTWARE PRODUCT. This SOFTWARE
PRODUCT includes computer software, the associated
media, any printed materials, and "online" or electronic
documentation. By installing, copying or otherwise using the
SOFTWARE PRODUCT, you agree to be bound by the
terms of this EULA. If you do not agree to the terms of this
EULA, PC Manufacturer and Virtual Workspace are
unwilling to license the SOFTWARE PRODUCT to you. In
such event, you may not use or copy the SOFTWARE
PRODUCT, and you should promptly contact PC
Manufacturer for instructions on return of the unused
product(s) for a refund.






SOFTWARE PRODUCT LICENSE 

The SOFTWARE PRODUCT LICENSE is protected by 
copyright laws and international copyright treaties, as well 
as other intellectual property laws and treaties.



Figure 11



This PDF of U.S. Published Application 20050010820 provided by Patent Fetcher™, a product of Stroke of Color, Inc. - Page 14 of 54

Patent Application Publication Jan. 13, 2005 Sheet 14 of 51 US 2005/0010820 A1







Licensing Agreement
for
Virtual Policy Builder




3. UPGRADES. If the SOFTWARE PRODUCT is
an upgrade from another product, whether from Virtual
Workspace or another supplier, you may use or transfer
the SOFTWARE PRODUCT only in conjunction with that
upgraded product, unless you destroy the upgraded
product. If the software product is an upgrade of Virtual
Workspace product, you now may use that upgraded
product only in accordance with this EULA. If the
SOFTWARE PRODUCT is an upgrade of a component
of a package of software programs which you licensed as
a single product, the SOFTWARE PRODUCT may be
used and transferred only as part of that single product
package and may not be separated for use on more than
one computer.




4. OEM Copyright. All title and copyrights in and to
the SOFTWARE PRODUCT (including but not limited to
any images, photographs, animations, video, audio,
music, text and "applets," incorporated into the
SOFTWARE PRODUCT), the accompanying printed
materials, and any copies of the SOFTWARE
PRODUCT, are owned by Virtual Workspace or its
suppliers. The SOFTWARE PRODUCT is protected by
copyright laws and international treaty provision. You
may not copy the printed materials accompanying the
SOFTWARE PRODUCT.
Virtual Workspace has created this privacy statement in
order to demonstrate our firm commitment to privacy.
The following discloses our information gathering and
discrimination practices for this site: Virtual Policy
Builder.

Your IP address is used to help identify you and your
shopping cart.

Our site's registration form requires users to give us
contact information (like their email address) and
demographic information (like their zip code, age, or
income level). The customer's contact information is
used to contact the visitor when necessary. Users may
opt-out of receiving future mailings; see the delete/
deactivate section below. Demographic and profile
charts is also collected at our site. We use this data to
tailor the visitor's experience at our site, showing them
content that we think they might be interested in, and
displaying the content according to their preferences
financial information (like their account or credit card
numbers).
If you have any questions about this privacy statement,
your dealings with this Web site, you can contact

Virtual Workspace
250 East eihStroet 
Suite 610 
StPM. MN S9101 
aJl8vliluaiiMOffc8paca.coni 
Figure 15

Choosing a Screen
Identity

Choose a screen name and identity for the training
session by clicking on the screen name listed below

Screen Names:
Sasha: the warrior princess
Alvin: the truck driver
Josh: the surfer dude
William: the investment banker
Alice: the domestic engineer
Figure 16
Choosing a Screen
Identity

Your training session number is:

The session number is used to track and reference the
training session in the policy effectiveness module.

Click on the training icon to enter the virtual training
room.

(Training)
Figure 18
Policy Suggestion

DcdGtop FSncy

Suggested Policy: To comply with laws governing software protection from piracy
employees must not:

• Make copies of any software unless explicitly authorized.
• Exchange, trade or transfer copies of any software to others in
cyberspace.
• Download copies of software that normally would have to be purchased.
• Purchase any software from the Internet without prior approval

If you encounter pirated software or suspect software may have been pirated, notify the
system administrator immediately and distance yourself from the real or suspected illegal
activity.

l^tMiMCS Expect different people to have different standards. They are not better, not
worse - simply different.

Mndglc: The principle of present choices states that 01^^
future action. This means that most important decisions affect two timeframes. The short-
term result may be a benefit but the long-term result can be either a benefit or, as often
happens, a consequence.

Do you agree or disagree with the suggested policy?

What changes would you make to the suggested policy?

Submit

Exit

Support
Figure 20
Virtual Training
Room

Policy Feedback

Alvin: No changes
Josh: No changes

William: > I hate getting an approval to download
software. I want that section changed.

Facilitator: > Does the group think about downloading
software and approvals?

Josh: > Have to company make a list of approved
software to download...Would that help you
Will? Or do you want the option to download
anything?

William: > I could live with a list, as long as I can email
the someone to approve of the software I
want to have downloaded.
Figure 21
Writing the Policy

Suggested Policy: To comply with laws governing software protection from
piracy employees must not

• Make copies of any software unless explicitly authorized.
• Exchange, trade or transfer copies of any software to others in
cyberspace.
• Download copies of software that normally would have to be
purchased.
• Purchase any software from the Internet without prior approval

If you encounter pirated software or suspect software may have been pirated,
notify the system administrator immediately and distance yourself from the
real or suspected illegal activity.

Facilitator: If I am correct, you want this section added to the policy?
Add>> All software downloads can be approved by the system
administrator. The user needs to email the system
administrator to get approval for downloading the software.
Figure 22
To comply with laws governing software protection from piracy employees
must not

• Make copies of any software unless explicitly authorized.
• Exchange, trade or transfer copies of any software to others in
cyberspace.
• Download copies of software that normally would have to be
purchased.
• All software downloads can be approved by the system
administrator. All network user needs to email the system
administrator to get approval before downloading the software.
• Purchase any software from the Internet without prior approval

If you encounter pirated software or suspect software may have been pirated,
notify the system administrator immediately and distance yourself from the
real or suspected illegal activity.

Do you agree or disagree with the policy?
Figure 23
To comply with laws governing software protection from piracy employees
must not

• Make copies of any software unless explicitly authorized.
• Exchange, trade or transfer copies of any software to others in
cyberspace.
• Download copies of software that normally would have to be
purchased.
• All software downloads can be approved by system
administrator. All network user needs to email the system
administrator to get approval before downloading the software.
• Purchase any software from the Internet without prior approval

If you encounter pirated software or suspect software may have been pirated,
notify the system administrator immediately and distance yourself from the
real or suspected illegal activity.
Figure 24
Figure 25
Policy Training Exam

What is spam?

• A slang term for an electronic contract
• A luncheon meat
• A slang term for junk e-mail
• A term used for downloading files from the web
Figure 26
Training Feedback Form

Was the subject pertinent to your needs and interests?
No    To some extent    Very Much So

Excellent    Satisfactory    Dissatisfactory
Adequacy of Course Content
Length of Course
Adequacy of Course Materials
Adequacy of Learning Experience
Adequacy of Facilities

If any factor is rated "unsatisfactory", please provide explanation:
What was of least value to you in this seminar?

What was of most value to you in this seminar?

How will you apply this learning back on the job?

Would you recommend this course for other individuals/teams?
Yes    No

(MAIN MENU)
Figure 27

Acceptable Use
Agreement

This agreement is between the sinployM and the user indicated below.

The user agrees to the following:

1. All information stored on the company system is
instructional or administrative purposes. All data stored on the company
computer be suitable for all audiences and shall not violate personal
privacy.

2. Use of the computer system for commercial purposes is prohibited.

3. User accounts which are issued for the purpose of making the organizational
(county, program, etc.) Web site will have a designated primary user who is
responsible for controlling access to the account. The primary user
share his/her login ID and password with anyone outside the organizational unit,
and will change the password regularly.

4. The company server(s) system is an electronic community. Users are
community members and as such must be considerate of other users. Thus,
users attend to their own files and directories and leave others alone. Users
shall inform the system administrator, or the Manager if a problem arises with
your account or the server(s).

5. Users will be good stewards of the electronic environment and will not
waste space, computing power or other users' time.

6. Because this is an educational community, there are many children who
have access to materials on the system. Users have a responsibility to an
nurturing environment for our children. Consequently, users will neither store
nor transmit obscene, abusive or otherwise objectionable material on the
system. Such actions will result in prompt termination of system privileges.

7. The company reserves the right to review any material stored on the
system and will remove any material which it believes violates any element of
this agreement
Figure 28
Agreement

CONTINUE

6. The company operates a reliable and effective computing environment and
network, however the company does not warrant that the system will meet any
specific user requirement or that the system will be error free or uninterrupted.
The company shall not be liable for any direct or indirect, incidental or
consequential damages sustained or incurred in connection
inability to use the company system.

User Signature

Date:
Manager:

Internet e-mail address:

Click below to accept or decline the terms of the Acceptable Use Policy.

(Accept) (Decline)
Figure 29

Thank you for participating in the
policy training program.

(<)(>)(MAIN MENU)(EXIT)
Policy
Compliance and
Figure 31

User Profile

Email Address:
Suitoe IM Address:

Employment status (i.e. temp, contract, virtual):

Title:

Department/Unit Title:

Branch/Division:

Mail Address:

USER PROFILE REPORTS

Uxy's EfnpteyriBfrt AgBsni6nti _siid_gi| jwf cofilrsctn
Policy Training and Exam status:
Policy Compliance history
NgtWDrkAd»^Htterv
Special Network Access or Privileges
Email storage allocation
Document access level
User Access to include failed login attempts
All attempts to launch privileged applications
Any changes to system configuration parameters
Software downloads from the Internet
Software usage
Hardware usage
Software present on a user's workstation
User's system access and security status
Identify need for upgrades
Identify need for training
Figure 32
Figure 33
Figure 34

Software Compliance

REPORTS

User access including failed login attempts
All attempts to launch privileged applications
Any changes to system configuration parameters
Hardware usage
Locaflonof>oyiwwre
Location of >oftwwrB Boemc oufcwiimte
Type of software agreements
Provide statistical and graphical justification for software purchase, upgrades and
maintenance expenses
Software installations
Software compliance
Appropriateness, inappropriateness and excessive use of sol^
resources throughout the enterprise.
Number of people waiting for access to software application(s)
Access time
Value of software being used at any time
Identify need for upgrades
Identify need for training
Prote<aonifcf htt r d i w r a .aoftwafaandloe^
entecprtae
Krecaci naruwa uaiiiiaig
Re^reutoaotMWaandhajdawraasfcwicated
Pqa e nal»inattfedorpewrittedaolhwra(n^^
Utilization of system resources
Identify potential policy infringements
Identify system trends per department use
Allocation of related costs related to department

(>) (<) (MENU) (SEND) (PRINT) (EXIT)
Audit

To: PolAdm@Virtcom
From: Sys@virtcom
RE: Audit Reminder
Branch Location: Minneapolis
Time: 11:20 a.m.
Date: May 20, 1998
CC: Policyeffect@virtcom
PolAdm@virtcom
Lan@virtcom

Audit Results

Violations:
Discrepancies:

Click on the report icon to complete policy violation report

(Report)
Figure 36
Network Policy Compliance Notice

Reference Number 985h34

Posted-Date: Mon. 20 May 1998 16:17:36 -0500 (CDT)
To: Jane Doe@virtcom
From: PolicyAdm@virtcom
Subject: Violation Notice

Network Non-Compliance Notice

Name:
Email Address:
Title:
Department/Unit Title:
Branch/Division:
Mail Address:
Violation:
Violation History: (hyperlink)

(>) (<) (MAIN MENU) (SEND) (PRINT) (EXIT)
Network Compliance
Action Notice

The policy advisor has taken the potential violation into advisement and
has determined the following procedures:

This is a Level 2 violation

Follow the prompts to complete the violation reporting process for this
level 2 violation.

Click to begin the violation reporting process.

(>) (<) (MAIN MENU)
Figure 38

Policy Compliance Report Form

Violator's Name:
Email address:
Department
Man Station
Violation: Minor Violation | Major Violation
Type of Violation: (choose from drop down box)

Branch Location:
Date of Occurrence:
Date of report
Official reporting the incident
Policy Administrator
Additional details:

[Ok] [Reset] [Cancel]

(>)(<) (MAIN MENU) (SEND) (EXIT)
Figure 39
Network Compliance
Action Notice

The policy advisor has taken the potential violation into advisement and
has determined the following procedures:

This is a Level 2 violation

Follow the prompts to complete the violation reporting process for this
level 2 violation.

Click to begin the violation reporting process.
Figure 40
Policy Knowledge Query

Name:

Violation: Minor Violation | Major Violation
Type of Violation: (choose from drop down box)

Branch Location:
Date:

Policy Administrator:
Additional details:

[Search] [Reset] [Cancel]

c]^^l^ER HELPj^ click icon for
respond to a violation report.

(MAIN MENU) (SEND) (PRINT) (EXIT)
Figure 41

Policy Compliance Report Form

Violator's Name:
Email address:
Title:
Department
Man Station
Violation: Minor Violation | Major Violation
Type of Violation: (choose from drop down box)

Branch Location:
Date of Occurrence:
Date of report
Official reporting the incident
Policy Administrator
Additional details:

[Ok] [Reset] [Cancel]

(>) (<) (MAIN MENU) (SEND) (EXIT)



Policy Violation Code and Report

The claim you submitted has been assigned 985h34 as its reference
code.

Encrypted email and surface mail copies of the policy violation claim
report has been sent to:

• Jane Doe
• John Smith in Human Resources
• System Policy Administrator
• Virtual WorkSpace, LLC - a third party policy organization

(>) (<) (MAIN MENU)
Figure 43

System Violation Notice

Email and Snail Mail Notice

Name: Jane Doe
User Profile: (Review Profile from drop down menu)
Violation Type: I with confidential file
Violation level: Level 2
Branch Location: Minneapolis
Time: 11:20 am
Date: May 20, 1998
CC: Jsmith@Virtcom
PolAdm@Virtcom
Policy@virtualworkspace.com
File Attachments: Scheduling and violation report

The system indicates you have violated a virtual policy. Attached is a policy
violation claim report for your review.

We will need your assistance to investigate the claim to determine if it is
accurate and if it warrants further discussion. Please follow the procedures

• Review the attached policy violation claim report
• Review your User's Violation History file at hUpi/Awww jj seivleom.
• Indicate any discrepancies in any of the reports
• IndcalayouravattdbtHyforanlrHMfsofifaiowupmeellno

For further information click the user icon

All report and investigation information is automatically

Thank you for your cooperation.

(>)(<) (MAIN MENU) (EXIT)
Figure 44

Subsequent Action Report

Name: Jane Doe
Violation level: Level 2
Branch Location: Minneapolis
Time: 11:20 am
Date: May 20, 1998
CC: Jsmith@Virtcom
PolAdm@Virtcom
Policy@virtualworkspace.com
File Attachments: Subsequent Action Report

Following the violation meeting, Human Resources and the user are
required to file a subsequent meeting report to verify their attendance
at the meeting.

The report can be accessed by clicking the report icon

If you have any additional questions or concerns, you may contact the
Policy Administrator via email: PolAdm@virtcom or by calling 555-1212

If you do not agree with the outcome of the meeting, you may file for
an appeal. To begin the appeal process, click on the appeal icon
Figure 45

The Appeal Process

The Appeal Process grants the user due process, including the
opportunity to respond to an alleged violation in writing. The user is
given the option to choose an appeal facilitator from the organization.

The chosen facilitator is emailed and granted security and read-only
access to a user's file. The facilitator is automatically copied on all
appeal process communications. The system records all
communications and written activity.

Internal officers are automatically prompted and sent a notice to
schedule the appeal meeting with the new facilitator. The process is
reported, stored, and tracked in the policy effectiveness module.

The appeal report is automatically sent to:
• Policy Effectiveness
• The policy officer and the user via email
• The policy officer and the user via snail mail

The user is automatically sent information to inform him of his rights.
To access further information, click on the appeal icon

(>)(<) (MAIN MENU) (EXIT)
Figure 46
Policy Effectiveness Reports

Compliance Reports

Enter access code:

Enter hardware token:

Choose report(s) to review:
User/User profiles
Network nodes
Department
Division
Branch
Application
Time duration

Timeframe based on:
Historical and statistical reports
Current
Year-to-date
Custom timeframes
Other

(MAIN MENU) (EXIT)
Figure 47
Policy Effectiveness Reports

Enterprise-Wide Reports

Enter access code:
Enter hardware token:

Choose report(s) to review:

Policy compliance reports
Risk assessment
Strengths and weaknesses in policy compliance
and non-compliance
Email compliance reports
Software compliance reporting
Patterns, statistics and assessment of policy violations
and non-compliance
System backup reports
Document tracking reports
Audit and reconciliation reports

(>) (<) (MAIN MENU)
Figure 48

Policy Effectiveness Action

Name: SystemAdm@Virtcom
Violation level: Level 2
Branch Location: Minneapolis
Time: 11:20 a.m.
Date: May 20, 1998
CC: Network@Virtcom
Policy@virtualworkspace.com
File Attachments: Policy Effectiveness Action Report

Policy Effectiveness has implemented a policy change for personal email
usage.

The new policy set the daily personal email usage at 35 messages vs. the
previous 30 message limit. The personal email policy can be accessed at
ht^://www.policy4ieisanaIemml.com

(MAIN MENU) (SEND) (EXIT)
Figure 49

Policy Resources

Policy Reference Library
Legal Research
The Virtual Policy Manual
Policy Basics
Software Resources including software listings and updates
Software Registration
Tech and User Support

(>) (<) (MENU) (SEND) (PRINT) (EXIT)
NETWORK POLICY MANAGEMENT AND
EFFECTIVENESS SYSTEM

BACKGROUND
[0001] 1. Field of the Invention

[0002] This invention relates in general to networked computing systems, and more particularly, to a system for maintaining network security policy compliance.

[0003] 2. Description of Related Art

[0004] The Internet and computer networks allow organizations to store applications and information on central servers, waiting to be called up and manipulated from any location. Networks allow people greater access to files and other confidential information. Global networks, including the Internet, and remote access increase the vulnerability of corporate data, increase the risk of information leaks, unauthorized document access and disclosure of confidential information, fraud, and privacy.

[0005] Employees are the greatest threat to an organization's information security. Employees with access to information resources including email, the Internet, and on-line networks significantly increase the security risks.

[0006] Employees are using email for personal purposes creating questions of appropriate use of company resources, workplace productivity and appropriateness of message content. One of the greatest sources of information leaks is employee sent email. With electronic communication and networks, an electronic paper trail is harder to determine, since no record of who accessed, altered, tampered with, reviewed, or copied a file can make it very difficult to determine a document's authenticity, and provide an audit and paper trail. In addition, there is no automated system to centrally collect, analyze, measure, index, organize, track, determine authorized and unauthorized file access and disclosure, link hard copy information with electronic files including email, and report on how information flows in and out of an organization.

[0007] Setting proper use and security policies is a method to create order and set standards for network use. Policies are ineffective unless users understand and comply with the policies. Unfortunately, most organizations do not have tangible proof when, and if, a network-based policy violation has occurred until long after the damage has been done. Due to the technical nature of network policy violations, policy enforcement officers may not have adequate knowledge, skill, and evidence to properly execute a policy violation claim. Cases of selective policy enforcement can occur if policy violations are not consistently reported, filed, investigated, and resolved.

[0008] Employees often view e-mail as equivalent to a private conversation. This view often does not reflect the official position of the organization. These communications reflect preliminary thoughts or ideas that have not been reviewed by the organization and typically only reflect the personal opinion of the parties involved. Yet, since employees of the organization create these communications, courts and regulatory agencies have concluded that employee communications can reflect the organization's view. There is a further need for network communications software programs that offer robust policy compliance assistance, policy effectiveness monitoring and reporting.

[0009] There is a need for an automated system to assist policy enforcement officers with proper policy enforcement procedure, and methods to measure policy effectiveness, appropriateness, user system activity and compliance.

SUMMARY OF THE INVENTION

[0010] To overcome the limitations in the prior art described above, and to overcome other limitations that will become apparent upon reading and understanding the present specification, the present invention discloses a method and apparatus for maintaining policy compliance on a computer network. A system in accordance with the principles of the invention performs the steps of electronically monitoring network user compliance with a network security policy stored in a database, electronically evaluating network security policy compliance based on network user compliance, and electronically undertaking a network policy compliance action in response to network security policy compliance. The network policy compliance actions may include electronically implementing a different network security policy selected from network security policies stored in the database, generating policy effectiveness reports, and providing a retraining module to network users.

[0011] One preferred embodiment of the present invention includes notifying a network user and a policy administrator, providing a retraining module to the network user, and restricting the network user's network access rights in response to monitoring network user compliance.
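
The monitor, evaluate and act steps of [0010] and the per-user actions of [0011], written out as an added Python example. It is not code from the application: the policy store, the 75% threshold, the function names and the usage counts are assumptions, and only the 30 and 35 message limits come from the page's Policy Effectiveness Action screen.

```python
# Added illustration of the monitor -> evaluate -> act cycle in [0010]-[0011].
# Hypothetical throughout: the policy store, threshold, function names and
# usage counts are assumptions. Only the 30 and 35 message limits come from
# the page (Policy Effectiveness Action screen).

# Stand-in for the database of stored network security policies.
POLICY_DB = {
    "personal-email-30": {"daily_limit": 30},
    "personal-email-35": {"daily_limit": 35},
}

# Assumed tuning value: below this share of compliant users, the policy
# itself is treated as ineffective and a different stored policy is applied.
MIN_COMPLIANCE_RATE = 0.75

# Per-user actions named in [0011], in the order they are listed there.
USER_ACTIONS = ("notify_user", "notify_policy_admin",
                "provide_retraining", "restrict_access")

# Constructed sample: personal emails sent today, per network user.
SAMPLE_USAGE = {"alvin": 12, "josh": 33, "william": 34, "sasha": 31, "alice": 50}


def monitor(usage, policy_id):
    """Monitor: map each user to True if within the stored policy's limit."""
    limit = POLICY_DB[policy_id]["daily_limit"]
    return {user: count <= limit for user, count in usage.items()}


def evaluate(compliance):
    """Evaluate: share of monitored users who complied (1.0 if none seen)."""
    if not compliance:
        return 1.0
    return sum(compliance.values()) / len(compliance)


def run_cycle(usage, active_id, alternate_id):
    """Act: per-user actions, policy selection and an effectiveness report."""
    if active_id not in POLICY_DB or alternate_id not in POLICY_DB:
        raise KeyError("policy must be one of the stored policies")
    compliance = monitor(usage, active_id)
    rate = evaluate(compliance)
    violators = sorted(user for user, ok in compliance.items() if not ok)
    # Widespread non-compliance points at the policy, not only at the users.
    next_policy = alternate_id if rate < MIN_COMPLIANCE_RATE else active_id
    return {
        "policy": active_id,
        "compliance_rate": rate,
        "violators": violators,
        "user_actions": {user: list(USER_ACTIONS) for user in violators},
        "next_policy": next_policy,
    }


if __name__ == "__main__":
    first = run_cycle(SAMPLE_USAGE, "personal-email-30", "personal-email-35")
    print(first)
    second = run_cycle(SAMPLE_USAGE, first["next_policy"], "personal-email-35")
    print(second)
```

With the constructed counts, the 30-message policy is met by one user in five, so the cycle selects the 35-message policy; under that policy four in five comply and only the remaining user receives the [0011] actions.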

[0012] These and various other advantages and features of novelty which characterize the invention and various preferred embodiments are pointed out with particularity in the claims which are annexed hereto and which form a part hereof. However, for a better understanding of the invention, its advantages, and the objects obtained by its use, reference should be made to the drawings which form a further part hereof, and to accompanying descriptive matter, in which there is illustrated and described specific examples of apparatus in accordance with preferred embodiments of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS 

[0013] Referring now to the drawings in which like ref- 
erence numbers represent corresponding parts throughout: 

[0014] FIG. 1 is a block diagram illustrating a poHcy 
effectiveness system according to an embodiment of this 
invention; 

[0015] FIG. 2 is a block diagram illustrating the steps 
performed by the policy training module according to an 
embodiment of this invention; 

[0016] FIGS. 3A-3C are block diagrams further illustrat- 
ing the steps performed by a policy training module accord- 
ing to an embodiment of this invention; 

[0017] FIG. 4 is a block diagram further illustrating the 
steps performed by a policy training module in administer- 
ing a policy training exam; 

[0018] FIG. 5 is a block diagram further illustrating the 

operation of a policy effectiveness system according to an 

embodiment of this invention; 
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[0019] FIG. 6 is a block diagram illustrating the steps 
performed by a policy compliance and reporting module 
according to an embodiment of this invention; 

[0020] FIG. 7 is a block diagram further illustrating the 
steps performed by a policy compliance and reporting 
module according to an embodiment of this invention; 

[0021] FIG. 8 is a block diagram illustrating the appeal 
process performed by a policy compliance and reporting 
module according to an embodiment of this invention; 

[0022] FIG. 9 is a block diagram further illustrating a 
policy effectiveness system according to an embodiment of 
this invention; 

[0023] FIG. 10 is an exemplary screen display illustrating 
the opening screen for policy training according to an 
embodiment of the invention; 

[0024] FIG. 11 is an exemplary screen display illustrating 
the terms of the software licensing agreement according to 
an embodiment of the invention; 

[0025] FIG. 12 is an exemplary screen display illustrating 
the terms of the continuation of the software licensing 
agreement according to an embodiment of the invention; 

[0026] FIGS. 13 and 14 are exemplary screen displays 
illustrating the terms of the privacy agreement according to 
an embodiment of the invention; 

[0027] FIG. 15 is an exemplary screen display illustrating 
the choosing of a screen identity according to an embodiment 
of the invention; 

[0028] FIG. 16 is an exemplary screen display illustrating 
assigning the user a session number according to an embodi- 
ment of the invention; 

[0029] FIG. 17 is an exemplary screen display illustrating 
the introduction to the virtual facilitator according to an 
embodiment of the invention; 

[0030] FIG. 18 is an exemplary screen display illustrating 
the suggested policy according to an embodiment of the 
invention; 

[0031] FIG. 19 is an exemplary screen display illustrating 
the network user discussion options according to an embodi- 
ment of the invention; 

[0032] FIG. 20 is an exemplary screen display illustrating 
group policy discussions according to an embodiment of the 
invention; 

[0033] FIG. 21 is an exemplary screen display illustrating 
policy writing according to an embodiment of the invention; 

[0034] FIG. 22 is an exemplary screen display illustrating 
the network user discussion options according to an embodi- 
ment of the invention; 

[0035] FIG. 23 is an exemplary screen display illustrating 
the policy consensus according to an embodiment of the 
invention; 



[0037] FIG. 25 is an exemplary screen display illustrating 
the policy exam according to an embodiment of the inven- 
tion; 

[0038] FIG. 26 is an exemplary screen display illustrating 
a training feedback and evaluation form according to an 
embodiment of the invention; 

[0039] FIG. 27 is an exemplary screen display illustrating 
an Appropriate Use Agreement/Employee Agreement form 
according to an embodiment of the invention; 

[0040] FIG. 28 is an exemplary screen display illustrating 
an Appropriate Use Agreement/Employee Agreement form 
according to an embodiment of the invention; 

[0041] FIG. 29 is an exemplary screen display illustrating 
the end of the training according to an embodiment of the 
invention; 

[0042] FIG. 30 is an exemplary screen display illustrating 
the policy compliance and reporting according to an 
embodiment of the invention; 

[0043] FIG. 31 is an exemplary screen display illustrating 
the User Profile according to an embodiment of the inven- 
tion; 

[0044] FIG. 32 is an exemplary screen display illustrating 
Email Compliance according to an embodiment of the 
invention; 

[0045] FIG. 33 is an exemplary screen display illustrating 
Document Management according to an embodiment of the 
invention; 

[0046] FIG. 34 is an exemplary screen display illustrating 
Software Compliance according to an embodiment of the 
invention; 

[0047] FIG. 35 is an exemplary screen display illustrating 
the audit function according to an embodiment of the 
invention; 

[0048] FIG. 36 is an exemplary screen display illustrating 
Network Non-Compliance Notice according to an embodi- 
ment of the invention; 

[0049] FIG. 37 is an exemplary screen display illustrating 
a Network Compliance Action Notice according to an 
embodiment of the invention; 

[0050] FIG. 38 is an exemplary screen display illustrating 
a policy compliance violation report according to an 
embodiment of the invention; 

[0051] FIG. 39 is an exemplary screen display illustrating 
a network policy action notice according to an embodiment 
of the invention; 

[0052] FIG. 40 is an exemplary screen display illustrating 
a policy knowledge query according to an embodiment of 
the invention; 

[0053] FIG. 41 is an exemplary screen display illustrating 
a policy compliance violation report according to an 
embodiment of the invention; 



[0036] FIG. 24 is an exemplary screen display illustrating 
the policy training options according to an embodiment of 
the invention; 

[0054] FIG. 42 is an exemplary screen display illustrating 
a policy compliance violation code and report according to 
an embodiment of the invention; 

[0055] FIG. 43 is an exemplary screen display illustrating 
a System Violation Notice Email and Snail Mail Notice 
according to an embodiment of the invention; 

[0056] FIG. 44 is an exemplary screen display illustrating 
a Subsequent Action Report according to an embodiment of 
the invention; 

[0057] FIG. 45 is an exemplary screen display illustrating 
The Appeal Process according to an embodiment of the 
invention; 

[0058] FIG. 46 is an exemplary screen display illustrating 
policy effectiveness reports according to an embodiment of 
the invention; 

[0059] FIG. 47 is an exemplary screen display illustrating 
policy effectiveness reports according to an embodiment of 
the invention; 

[0060] FIG. 48 is an exemplary screen display illustrating 
a policy effectiveness action according to an embodiment of 
the invention; and 

[0061] FIG. 49 is an exemplary screen display illustrating 
policy resources according to an embodiment of the inven- 
tion. 

DETAILED DESCRIPTION OF THE INVENTION 

[0062] In the following description of the exemplary 
embodiments, reference is made to the accompanying draw- 
ings that form a part hereof, and in which is shown by way 
of illustration a specific embodiment in which the invention 
may be practiced. It is to be understood that other embodi- 
ments may be utilized and that structural changes may be 
made without departing from the scope of the present 
invention. 

[0063] The present invention provides a method and appa- 
ratus for maintaining policy compliance on a computer 
network. 

[0064] FIG. 1 is a block diagram illustrating policy effec- 
tiveness system 100 according to an embodiment of this 
invention. The hardware generally implementing the policy 
effectiveness system 100 may include computers having 
processors and memories distributed over a network as is 
well-known in the art. The memory may include RAM or 
fixed storage. The program steps implementing this inven- 
tion are stored in the memory and executed by the computer 
processor. The present invention may be implemented 
using an intranet based application that can be stored on 
central servers, waiting to be called up and manipulated via 
a Web browser from any location. Those skilled in the art 
will recognize that a variety of configurations can be used 
without departing from the scope of the present invention 
and that a wide variety of distributed and multi-processing 
systems may be used. Each of the blocks of FIG. 1 will be 
introduced, followed by a detailed explanation of each 
block. 

[0065] Block 105 represents a policy training module for 
developing network security policies. 



[0067] Block 115 represents a policy compliance and 
reporting module for managing information received from 
the compliance monitor. 

[0068] Block 120 represents the policy effectiveness mod- 
ule for managing the policy training module 105 and com- 
pliance monitor 110. 

[0069] Block 130 represents the database for storing 
policy and compliance information for the policy effective- 
ness system 100. 

[0070] Block 135 represents the document management 
system of the compliance monitor 130. 

[0071] Block 140 represents the email compliance system 
of the compliance monitor 130. 

[0072] Block 145 represents the policy resource module 
for storing and managing policy resources. 

[0073] Block 150 represents the user profile module for 
storing user information. 

Policy Training Module 105 

[0074] The policy training module 105 typically is an 
interactive, multimedia, policy awareness training program 
which helps employees gain a better understanding of the 
basic concepts of network security, email and Internet tech- 
nologies. 

[0075] The policy training module 105 presents the net- 
work user with a suggested network policy the organization 
wishes to implement. Policy training module 105 is 
designed to help the user understand potential risks that an 
organization faces if a policy is not implemented, the 
potential advantages and disadvantages of the policy in 
question, and the management and ethical principles affect- 
ing the potential policy in question. The network policies are 
generated by guidelines created from employee feedback 
obtained during a training session. 

[0076] The policy training module 105 is comprised of 
several templates. When the system is first implemented, 
policy consultants work with management personnel within 
an organization to determine the organization's policies for 
the initial training sessions, which may relate to, for 
example, an entire enterprise or a specific department of an 
enterprise. The initial policies are entered into a policy 
training database 130 and are the foundation for the initial 
training programs. As is further described below, after the 
initial policy training session, the policy effectiveness sys- 
tem 100 will analyze all of the information gathered from the 
areas it monitors and compare it to each network user profile 
150 to determine the policy training needs of individual 
network users. Then, the system customizes the policy 
training materials for the user training sessions. 

[0077] To access policy training materials, the user is 
prompted to enter a password and hardware token. The user 
may be shown a hypertext list of policy training options. The 
training options may be, for example, to enter a policy 
training session, review for a policy exam, or take a policy 
exam. 

[0078] Policy Training Session 



[0066] Block 110 represents a policy compliance monitor 
for monitoring compliance across the network. 

[0079] The policy training session may combine interac- 
tive multimedia, group policy development discussions, and 
policy exercises with individual policy review and feedback 
screens. The result is typically employee generated policy 
guidelines for network security policies. 

[0080] In the preferred embodiment, the computer screen 
for the policy training session is divided into three frames. 
The divided screen gives the user the option to review and 
answer policy recommendation questions, see and partici- 
pate in group policy discussions, and pause the interactive 
group policy discussion session. After pausing the interac- 
tive group policy discussion section, the user may review 
dynamic policy recommendations and statistics from previ- 
ous policy sessions, request additional information on a 
topic or subject presented during the previous policy ses- 
sion, or seek technical and product support. 

[0081] The policy training module 105 collects and 
records both individual and group policy recommendations. 
The policy training module 105 uses the user's policy 
recommendations as a benchmark for other users to use 
during policy creation/training sessions, and to track policy 
training effectiveness. 

[0082] FIG. 2 is a block diagram illustrating the steps 
performed by the policy training module according to an 
embodiment of this invention. 

[0083] Block 200 represents the beginning of the policy 
training process. FIG. 10 is an exemplary screen display 
illustrating the opening screen for policy training according 
to an embodiment of the invention. The user may be asked 
to read a licensing agreement and indicate if he accepts or 
declines the terms of the agreement by clicking on the 
appropriate icon. FIG. 11 is an exemplary screen display 
illustrating the terms of the software licensing agreement 
according to an embodiment of the invention. FIG. 12 is an 
exemplary screen display illustrating the terms of the con- 
tinuation of the software licensing agreement according to 
an embodiment of the invention. A message stating the 
privacy rights of the user typically remains on the screen 
until the user clicks on an accept or decline icon. FIGS. 13 
and 14 are exemplary screen displays illustrating the terms 
of the privacy agreement according to an embodiment of the 
invention. 

[0084] Block 202 represents the policy training module 
105 presenting the network user with screen personality 
options. A screen personality represents a person who is 
executing the training session under an assumed screen 
name and identity. In other words, a screen relates to a real 
person taking a training session. The user is typically 
presented with a screen and is asked to choose a screen name 
and identity (e.g., Avatar) from a list of screen personalities 
for the training session. Such screen personalities give users 
greater privacy and the freedom to answer policy questions 
without fear of retaliation from other employees participat- 
ing in the program. FIG. 15 is an exemplary screen display 
illustrating the choosing of a screen identity according to an 
embodiment of the invention. 

[0085] Block 204 represents the policy training module 
105 recording the network user's screen personality in the 
policy effectiveness database. 

[0086] Block 204 represents the policy training module 
105 assigning the user a session number. FIG. 16 is an 
exemplary screen display illustrating assigning the user a 
session number according to an embodiment of the inven- 
tion. 




[0087] Block 206 represents the policy training module 
105 recording the network user's session number. The 
session number may be used to track and reference the 
training session in the policy effectiveness module. 

[0088] Block 208 represents the policy training module 
105 presenting the network user with a virtual training room. 
The user may be prompted to click on an icon to enter the 
virtual training room. The virtual training room is typically 
similar to an Internet chat room. 

[0089] Block 208 represents the policy training module 
105 presenting a virtual facilitator. In a preferred embodi- 
ment, the user is introduced to the program's virtual facili- 
tator who introduces the training participants to each other, 
explains the training rules, and assures the training program 
remains on schedule. The virtual facilitator is typically 
stored in the policy training database 130. FIG. 17 is an 
exemplary screen display illustrating the introduction to the 
facilitator according to an embodiment of the invention. 

[0090] In the preferred embodiment, a maximum of 5 
screen personalities can participate per training session. 
Block 212 is a decision block representing the policy 
training module 105 determining if there are less than three 
participants registered for a session. If so, block 220 repre- 
sents the policy training module 105 determining the num- 
ber of virtual personalities needed for the system; otherwise, 
control is passed to decision block 214. The system monitors 
the number of screen personalities registered for a training 
session. The system records each user's training session 
including the user's policy suggestions, individual feedback 
and onscreen comments provided during the training ses- 
sion. Block 222 represents the system generating a virtual personality to 
participate in the training session. A virtual personality may 
be implemented in the form of a template having fields 
including information copied from a user's previous training 
session. When the policy training module 105 determines 
that a virtual personality is needed for a training session, the 
present system may be implemented so that the module 105 
launches an algorithm to generate a virtual personality to 
participate in the training session. The algorithm copies 
information from the policy recommendation database 224 
stored in database 130. Block 226 represents the policy 
training module 105 storing the virtual personality in the 
database 224. The policy recommendation database 224 is 
comprised of policy information previously submitted by a 
screen personality including policy suggestions, individual 
feedback and onscreen comments provided during previous 
training sessions. Virtual personality information obtained 
during previous training sessions is retrieved from the policy 
recommendation database 224. The algorithm copies the 
policy information from the previous policy modules, posi- 
tions and scripts the policy information for the present 
training session. Script is defined as positioning and pacing 
the policy information per policy module to make it appear 
as though it is occurring in real-time. This provides the user 
with a virtual personality and an interactive, simulated 
real-time training experience without the user being depen- 
dent upon the availability of others for interaction, discus- 
sions and training. After introductions, the user is typically 
prompted to click on either an agree or decline icon to 
indicate his understanding of the training rules and to 
indicate his readiness to proceed. Block 220 represents the 
policy training module 105 generating a policy. 

[0091] Block 214 is a decision block representing the 
policy training module 105 determining if there are less than 
five screen personalities registered for the session. If so, 
block 216 represents the policy training module 105 divid- 
ing the participants into two sessions; otherwise, control is 
passed to block 220 which represents the policy training 
module 105 generating a policy. Block 216 represents the 
policy training module 105 assigning the participants a new 
session number. 

[0092] The Policy Training Process: 

[0093] FIGS. 3A-3C are block diagrams further illustrat- 
ing the steps performed by the policy training module 105 in 
performing the step of generating a network security policy 
represented by block 220 according to an embodiment of 
this invention. 

[0094] Block 300 represents the policy training module 
105 indicating that the network user is ready to begin policy 
training by presenting the network users with suggested 
policy information. 

[0095] Block 302 represents the policy training module 
105 receiving suggested policies from the network users. 
FIG. 18 is an exemplary screen display illustrating the 
suggested policy according to an embodiment of the inven- 
tion. The suggested policy information typically is stored in 
a policy training database 130. The user is asked to review 
the policy information and a policy suggestion for a limited 
period of time. The policy training module 105 collects a 
policy suggestion from each network user's policy review 
session. 

[0096] Block 304 represents the policy training module 
105 recording all individual policy recommendations. 

[0097] Block 306 represents the policy training module 
105 prompting the network user to join a group discussion 
after the network user has reviewed the information on his 
own. The network user indicates his readiness to join the 
group discussion, such as by clicking an icon. The network 
user's signal may be sent to the other participants' screens. 
FIG. 19 is an exemplary screen display illustrating the 
network user discussion options according to an embodi- 
ment of the invention. 

[0098] Block 308 represents the policy training module 
105 notifying the other participants that a network user is 
prepared to enter the group session. Once the individual 
network users are ready to discuss the policy, the facilitator 
begins the session monologue and monitors the session's 
content and time. 

[0099] Block 310 represents the policy training module 
105 retrieving the electronic facilitator from the database 
120. The electronic facilitator serves as a moderator for the 
training module. For example, the electronic facilitator 
prompts the users for input and monitors the time spent on 
each issue. 

[0100] Block 312 represents the policy training module 
105 connecting individual network users to the policy train- 
ing chat room. 

[0101] Blocks 314, 316 and 318 represent the individual 
network user computers connected to the policy chat room 
of the policy training module 105. One or more individual 
network user's policy recommendations may be displayed to 
the group. 

[0102] Block 322 represents the policy training module 
105 displaying network user policy recommendations to the 
group. The policy recommendations may be shown in a 
different color and font. FIG. 20 is an exemplary screen 
display illustrating group policy discussions according to an 
embodiment of the invention. The individual recommenda- 
tions are used to develop a group policy consensus. 

[0103] From the discussion, the group confers, online, to 
write a policy recommendation. All group participants can 
view the policy recommendations and group discussions 
from previous policy training sessions. FIG. 21 is an exem- 
plary screen display illustrating policy writing according to 
an embodiment of the invention. 

[0104] Block 324 is a decision block representing the 
policy training module 105 querying the user regarding 
whether he wants more policy information. If so, block 326 
represents the policy training module 105 retrieving the 
policy training information and displaying it to applicable 
network users; otherwise block 328 represents the policy 
training module 105 collecting policy recommendations 
from the group. The group confers, online, to write a policy 
recommendation. The policy training module 105 collects 
and records all group policy recommendations. FIG. 22 is 
an exemplary screen display illustrating the network user 
discussion options according to an embodiment of the 
invention. 

[0105] Block 330 represents the policy training module 
105 recording the group policy recommendations in the 
policy recommendation database 224. 

[0106] Block 332 represents the policy training module 
105 calculating and ranking the group responses in the 
policy training database. For example, the policy with the 
most user votes may be the policy of group consensus. 

[0107] Block 334 is a decision block representing the 
policy training module 105 determining if a policy consen- 
sus has been achieved. If so, then block 336 represents the 
policy training module 105 displaying the group consensus; 
otherwise, control typically is returned to block 322. If there 
is a tie for group consensus, the system requires network 
users to review the policy options and re-vote. Each user's 
policy information is displayed, and the group reconsiders their 
recommendations and attempts to come to a group policy 
consensus. 

[0108] The process illustrated in blocks 322 through 334 
is repeated until a group policy consensus is achieved. 

[0109] Block 336 represents the policy training module 
105 displaying policy consensus. FIG. 23 is an exemplary 
screen display illustrating the policy consensus according to 
an embodiment of the invention. 

[0110] Block 338 represents the policy training module 
105 recording the policy consensus. The process of devel- 
oping a consensus policy is repeated until all of the policy 
modules have been reviewed and addressed. 

[0111] Block 340 is a decision block representing the 
policy training module 105 determining if there are no 
additional policy modules to complete. 

[0112] If so, block 300 represents a repeat of the policy 
generation process; otherwise, block 342 represents the 
policy training module 105 presenting a suggested policy to 
the network user and assembling and recording the group 
consensus policies from each policy module. 

[0113] The policy training module 105 assembles and 
records the group consensus policies from each policy 
module in the network security policy database 130. 

[0114] Block 344 represents the end of the policy genera- 
tion process of the policy training module 105. 

[0115] When the training session is completed, the net- 
work user is given the options to start the policy exam, 
review policy training materials, or end the session. FIG. 24 
is an exemplary screen display illustrating the policy train- 
ing options according to an embodiment of the invention. 

[0116] Start the Policy Exam 

[0117] FIG. 4 is a block diagram further illustrating the 
steps performed by the policy training module in adminis- 
tering a policy training exam according to an embodiment of 
the present invention. The network user is given an online 
policy exam to reinforce the information presented in the 
policy training session. 

[0118] Block 400 represents the policy training module 
105 receiving a request for a policy training exam from the 
network user. 

[0119] Block 402 represents the policy training module 
105 retrieving a policy exam from the policy training 
database 130 and presenting it to the network user. FIG. 25 
is an exemplary screen display illustrating the policy exam 
according to an embodiment of the invention. Once the 
network user completes the exam, he is prompted to send the 
exam to policy effectiveness 120 where the information 
regarding the user's taking of the exam is recorded. 

[0120] Block 404 represents the policy training module 
105 receiving the exam answers from the network user and 
tabulating the network user's score. During the exam tabu- 
lation period, the network user is asked to fill out a policy 
training feedback and evaluation form. 

[0121] Block 406 represents the policy training module 
105 retrieving a policy training feedback and evaluation 
form from the policy training database 130 and sending it to 
the network user. FIG. 26 is an exemplary screen display 
illustrating a training feedback and evaluation form accord- 
ing to an embodiment of the invention. The network user 
completes the policy training feedback and evaluation form 
and returns it to the policy training module 105. 

[0122] Block 408 represents the policy training module 
105 storing the policy training feedback and evaluation form 
in the User's Profile database 150. 

[0123] Block 410 represents the policy training module 
105 sending the network user his exam score after the 
feedback and evaluation form is completed. 

[0124] After the employee completes the policy building 
session, the policy training module 105 may request that the 
user sign an Appropriate Use Agreement/Employee Agree- 
ment designed to limit the organization's liability. FIG. 27 
is an exemplary screen display illustrating an Appropriate 
Use Agreement/Employee Agreement form according to an 
embodiment of the invention. FIG. 28 is an exemplary 
screen display illustrating an Appropriate Use Agreement/ 
Employee Agreement form according to an embodiment of 
the invention. Block 412 represents the policy training 
module 105 sending the network user an Appropriate Use 
Agreement/Employee Agreement. The user reads and signs 
the Agreement. The user returns the Agreement to the policy 
training module 105. The signed Agreement is kept in the 
User Profile database 200 and a copy is emailed to the user 
for his records. 

[0125] Block 414 represents the policy training module 
105 receiving the Agreement and storing it in the User 
Profile 150. 

[0126] Block 416 represents the policy training module 
105 sending an email message to the network user with a 
copy of the Agreement attached. 

[0127] Block 418 represents the end of the policy exam 
process. FIG. 29 is an exemplary screen display illustrating 
the end of the training according to an embodiment of the 
invention. If the user fails the exam, the policy training 
module 105 will ask him if he wants to retake the exam, 
review policy training materials, or end the session. 

Policy Compliance Monitor 110 

[0128] The Policy Compliance Monitor 110 works with 
the Policy Effectiveness Module 120 to provide network 
user compliance monitoring with network security policy 
stored in a database. It electronically evaluates network 
security policy compliance based on network user compli- 
ance, and undertakes a network policy compliance action in 
response to network security policy compliance. Network 
user compliance monitoring is defined as monitoring net- 
work activity to ensure users are in compliance with the 
organization's network security policies. Network security 
policy is a set of rules designed to limit an organization's 
risk and liability. 

[0129] FIG. 5 is a block diagram further illustrating the 
operation of the policy effectiveness system according to an 
embodiment of this invention. 

[0130] The policy compliance monitor oversees user pro- 
file, email compliance, internet compliance, document man- 
agement and software compliance functions to collect net- 
work user security policy compliance activities. FIG. 30 is 
an exemplary screen display illustrating the policy compli- 
ance and reporting according to an embodiment of the 
invention. 

[0131] Block 110 represents the policy compliance moni- 
tor of the policy effectiveness system 100. 

[0132] Block 150 represents the user profile module of the 
policy effectiveness system 100. The user profile module 
150 is a database comprised of information about network 
users. For example, the user profile module 150 may contain 
information about network user policy compliance history, 
employment history, and network identification information. 
FIG. 31 is an exemplary screen display illustrating the User 
Profile according to an embodiment of the invention. 

[0133] Block 140 represents the email compliance module 
of the policy effectiveness system 100. The email compli- 
ance module 140 collects information on network users' 
email use activity. FIG. 32 is an exemplary screen display 
illustrating email compliance according to an embodiment 
of the invention. 

[0134] Block 135 represents the document management 
module of the policy effectiveness system 100. FIG. 33 is an 
exemplary screen display illustrating Document Manage- 
ment according to an embodiment of the invention. The 
document management module 135 collects information on 
documents in the system. This may include document his- 
tory, document authenticity, network user access to docu- 
ments, and document access and disclosures. 

[0135] Block 500 represents the software compliance 
module of the policy effectiveness system 100. The software 
compliance module 500 collects information on how net- 
work users utilize software on the network. FIG. 34 is an 
exemplary screen display illustrating Software Compliance 
according to an embodiment of the invention. 

[0136] Block 502 represents the audit function of the 
policy effectiveness system 100. The audit function collects 
information from all of the policies monitored by the policy 
compliance monitor 110. Each monitored policy is assigned 
a value representing a target baseline compliance level for 
network policy compliance ("network policy compliance"). 
In the preferred embodiment, the numeric value assigned to 
each monitored policy is 95, representing that for each 
policy 95% user compliance is required. Each network user 
compliance activity has a numeric value the system monitors 
representing a target baseline compliance level for user 
policy compliance ("user policy compliance"). 

[0137] Block 504 represents the network security policy 
compliance database of the database 130. The baseline 
compliance level assigned to each monitored policy is stored 
in the network security policy compliance database 504 of 
the database 130. The audit function is responsible for 
reviewing network user compliance and network security 
policy. 

[0138] FIG. 35 is an exemplary screen display illustrating 
the audit function according to an embodiment of the 
invention. Block 506 represents the network security policy 
database. The network compliance value is monitored in 
relation to the user compliance value stored in the network 
security policy database 506. 

[0139] Block 508 is a decision block representing the 
policy effectiveness system 100 analyzing the network 
policy compliance value in relation to the user compliance 
policy value. If the user policy compliance value is greater 
than or equal to the network policy compliance value, then 
block 120 represents the policy effectiveness system noti- 
fying the policy effectiveness module 120 that the network 
is in compliance. Otherwise, if the network policy compli- 
ance value is greater than the user policy compliance value, 
the policy compliance monitor 110 measures the difference 
between the network policy compliance value and the user 
policy compliance value and undertakes a network compli- 
ance action in response to that difference. Alternatively, the 
policy compliance monitor could undertake a network 
compliance action anytime a policy violation occurred. 

[0140] FIG. 36 is an exemplary screen display illustrating 
Network Non-Compliance Notice according to an embodi- 
ment of the invention. Each policy is associated with a 
corresponding group of network policy compliance actions 
ranging from a mild action (e.g., notifying a network user), level 
two (e.g., notifying the network user and a policy adminis- 
trator), level three (e.g., providing a retraining module to a 
network user, restricting a network user's network access 
rights) and a level four action (e.g., restricting the network 
user's network access rights). Each compliance action in the 
group is assigned a value related to a numeric value that may 
be reported from monitoring network user compliance. The 
numeric value assigned is based on the severity of the 
network policy compliance violation, i.e. the difference 
between the network policy compliance value and the user 
policy compliance value. 

[0141] Upon recording the difference between the network 
policy compliance value and the user policy compliance 
value, the policy compliance and reporting module 115 
records this information in the network security policy 
database 506 and begins undertaking the appropriate net- 
work compliance action. 

[0142] For example, an organization may have a personal 
email use policy. The personal email use policy may limit 
each user to sending a maximum of 20 personal email 
messages per day. The system assigns the numeric value of 
95 to the personal email messages policy. A value of 100 is 
the optimum network policy compliance value. The com- 
pliance monitor collects information on network user com- 
pliance for personal email use. If an individual sends 25 
email messages, the system records a user policy compli- 
ance value of 90. The user policy compliance value of 90 is 
compared to the network policy compliance value of 100. 
The difference of 5 (95-90) indicates to the policy effec- 
tiveness system 100 that a network policy compliance action 
may be taken. In this example, a network user compliance 
value of 5 may tell the system to execute a network 
compliance action. 

[0143] In the preferred embodiment, the system has four 
action levels. Each action level may be undertaken in 
response to a range of differences in compliance values. 
FIG. 37 is an exemplary screen display illustrating a Net- 
work Compliance Action Notice according to an embodi- 
ment of the invention. 

[0144] At a first action level, the system may send an 
email notifying the network user to cease and desist the 
non-compliant activity. 

[0145] At a second action level, the system may prompt 
the system administrator to follow screen prompts to initiate 
procedures for the infraction. The policy effectiveness sys- 
tem 100 notifies the network user and a system administra- 
tor. Email and surface mail are automatically sent to the 
alleged violator and the system administrator. The message 
may ask the alleged violator to discontinue the inappropriate 
behavior or to reread the Intranet-based Policy Manual. The 
policy effectiveness system 100 records if the user visits the 
electronic site of the Policy Manual. 

[0146] At a third action level, the policy effectiveness 
system 100 may file a policy violation report and launch an 
investigation. The policy effectiveness system 100 sends 
email and surface mail to the alleged violator and the system 
administrator informing them of the violation. A policy 
retraining module may be the most likely course of action. 
At the third action level, the actions of the second infraction 
are initiated and additionally an immediate referral is made 
to the appropriate policy officer for review and action. 

[0147] At the fourth action level, the policy effectiveness 
system 100 may restrict the network user's network access 
rights and prompt the system administrator to either begin 
investigation procedures and/or initiate a signal to the policy 
knowledge base to determine the recommended course of 
action. 

[0148] Block 510 represents the policy effectiveness sys- 
tem 100 undertaking a network policy compliance action. 
The policy effectiveness system 100 sends a signal to policy 
compliance and reporting 115 to record the non-compliant 
network user activity. 
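
The comparison in decision block 508 and the four action levels described above can be expressed as follows. This is an added Python example, not code from the application. The difference ranges per level are assumptions, since the text states only that each level answers "a range of differences"; the function names, field names and sample users are also constructed for illustration.

```python
from bisect import bisect_left
from dataclasses import dataclass

NETWORK_BASELINE = 95  # baseline assigned to each monitored policy in the text

# ASSUMPTION: the text gives no ranges. These are inclusive upper bounds of the
# difference for levels 1-3; anything above the last bound is level 4.
LEVEL_UPPER_BOUNDS = (5, 10, 20)

# Actions paraphrased from the four action levels in the text. Level 3 repeats
# the level 2 actions and adds a referral, as the text describes.
LEVEL_1 = ("email user to cease and desist",)
LEVEL_2 = ("email and surface mail to user and system administrator",
           "prompt administrator to start infraction procedures")
LEVEL_3 = LEVEL_2 + ("file policy violation report and open investigation",
                     "assign policy retraining module",
                     "refer to policy officer")
LEVEL_4 = ("restrict network access rights",
           "prompt administrator to investigate or query policy knowledge base")
LEVEL_ACTIONS = {1: LEVEL_1, 2: LEVEL_2, 3: LEVEL_3, 4: LEVEL_4}


@dataclass(frozen=True)
class Decision:
    user: str
    policy: str
    difference: int     # network baseline minus user value, floored at 0
    level: int          # 0 means the user is in compliance
    actions: tuple
    notify_admin: bool  # the admin screen appears at level two or greater


def action_level(difference):
    """Map a compliance difference to an action level (0 = no action)."""
    if difference <= 0:
        return 0
    return bisect_left(LEVEL_UPPER_BOUNDS, difference) + 1


def evaluate(user, policy, user_value, baseline=NETWORK_BASELINE):
    """Decision block 508: compare the user value with the network baseline."""
    if not 0 <= user_value <= 100:
        raise ValueError(f"compliance value out of range: {user_value}")
    difference = baseline - user_value
    level = action_level(difference)
    return Decision(user, policy, max(difference, 0), level,
                    LEVEL_ACTIONS.get(level, ()), level >= 2)


def monitor(observations, baseline=NETWORK_BASELINE):
    """Return only the decisions that need an action, i.e. the records
    block 510 would pass on to policy compliance and reporting 115."""
    decisions = (evaluate(u, p, v, baseline) for u, p, v in observations)
    return [d for d in decisions if d.level > 0]


# Constructed observations: (user, policy, user policy compliance value).
# The first row is the text's personal email example (user value 90).
SAMPLE = [
    ("alice", "personal-email", 90),
    ("bob", "personal-email", 97),
    ("carol", "password", 82),
    ("dave", "software", 60),
]

if __name__ == "__main__":
    for d in monitor(SAMPLE):
        print(d.user, d.policy, d.difference, d.level, d.notify_admin)
```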

Policy Compliance and Reporting 115 

[0149] The policy compliance and reporting module 115 
provides automated policy monitoring, policy violation pro- 
cedures and reporting. It tracks policy investigations and 
generates policy investigation reports. These procedures 
work in conjunction with existing policy compliance report- 
ing, discipline and grievance procedures to uphold the 
organization's technology policies. 

[0150] Compliance 

[0151] The policy compliance and reporting 115 monitors 
and records user and network system activities, audit proce- 
dures and reporting, policy violation procedures/investiga- 
tions/reporting, and compliance/non-compliance status report- 
ing. 

[0152] FIG. 6 is a block diagram illustrating the steps 
performed by a policy compliance and reporting module 
according to an embodiment of this invention. 

[0153] The policy compliance and reporting process 
begins when the policy compliance and reporting 115 
receives a signal from the compliance monitor 110 that a 
network compliance action has been taken. Block 510 
represents that a network compliance action has been taken 
by the policy effectiveness system 100. 

[0154] Block 600 represents the policy compliance and 
reporting 115 sending an email or pager message to the 
system administrator notifying the administrator that a net- 
work user compliance violation has occurred. The email 
message attaches a policy compliance violation report (file) 
to the email and instructs the system administrator to follow 
the compliance reporting procedures. FIG. 38 is an exem- 
plary screen display illustrating a policy compliance viola- 
tion report according to an embodiment of the invention. 
The email instructs the system administrator to log into the 
system, present a password and hardware token to access the 
policy violation reporting procedures and indicates the 
screen option to choose. The screen options available to the 
system administrator may include: file a policy compliance 
violation report, investigate a policy compliance violation 
report, review audit and system reports, the appeal process, 
review a user profile, policy resources, and policy effective- 
ness reports. 

[0155] File a Policy Violation Report 

[0156] In a preferred embodiment, a screen is displayed to 
the system administrator indicating a network user policy 
compliance violation has occurred and a network user 
compliance action, level two or greater, has been taken. The 
system administrator is instructed to click on an icon to 
access the network user policy compliance violation infor- 
mation and document the violation. FIG. 39 is an exemplary 
screen display illustrating a network policy action notice 
according to an embodiment of the invention. 

[0157] Block 503 represents the policy compliance and 
reporting 115 retrieving the network user policy compliance 
violation documentation from the policy effectiveness mod- 
ule 120. Policy compliance and reporting 115 advises the 
system administrator on how to execute the designated 
network user compliance violation reporting procedures. 
This is achieved by prompting the system administrator 
through the reporting process and presenting a policy knowl- 
edge base. FIG. 40 is an exemplary screen display illustrat- 
ing a policy knowledge query according to an embodiment 
of the invention. A support icon is also available if the user 
needs to discuss a specific procedure with a Policy Consult- 
ant. 

[0158] Block 604 represents the policy knowledge data- 
base of the policy compliance and reporting 115. The policy 
knowledge database is comprised of automated network user 
policy compliance violation documentation. This may 
include network policy violation report forms, detailed 
reporting instructions, and investigation procedures check- 
list. The policy compliance and reporting 115 analyzes the 
network user policy compliance violation information from 
the policy knowledge database 604 and determines if an 
investigation action is needed. 

[0159] After the system has analyzed the violation informa- 
tion, a policy violation investigation report form is displayed 
on the user screen. FIG. 41 is an exemplary screen display 
illustrating a policy compliance violation report according to 
an embodiment of the invention. All reports are documented 
in read-only format and all modifications and changes to the 
non-compliance reports are an addendum to the initial 
report. The system administrator is asked to supply the 
following network compliance violation information regard- 
ing the claim, including the network user's name, e-mail 
address, title, department, mail station, type of violation 
(non-compliance drop down box), date of occurrence, date 
of report, and official report of the incident (MIS, the user, 
or policy officer). 

[0160] A code is assigned to the policy compliance vio- 
lation report. FIG. 42 is an exemplary screen display 
illustrating a policy compliance violation code and report 
according to an embodiment of the invention. Block 606 
represents the policy compliance and reporting 115 assign- 
ing a code to the policy compliance violation report. The 
code is used to identify and track the policy compliance 
violation report in the policy effectiveness database. The 
system administrator, the policy officer and the network user 
are the parties that may access the policy compliance 
violation report. To access the policy compliance violation 
report the system administrator, the policy officer and the 
network user are given the access code to the report and are 
registered in the system. While completing the report, the 
system administrator can access a network user's policy 
compliance report to review their network activity history. 
All report communications, including the policy compliance 
violation report, may automatically be sent via encrypted 
e-mail to a third party organization and are kept in escrow. 
This insures the organization cannot access the policy com- 
pliance reports in the system to change the content of the 
reports and insure that they follow due process procedures. 

[0161] The system administrator may contact the policy 
officer to schedule an in-person appointment with the net- 
work user. Block 608 represents the policy compliance and 
reporting 115 recording the appointment. Block 610 repre- 
sents the policy compliance and reporting 115 scheduling 
the appointment. A hyperlink to a scheduling module is 
activated. An example of a schedule module is Microsoft's 
Schedule Plus. Several meeting options are listed on the 
violation report to be e-mailed and surface mailed to the 
network user. FIG. 43 is an exemplary screen display 
illustrating a System Violation Notice Email and Snail Mail 
Notice according to an embodiment of the invention. The 
system monitors and records the reporting and investigation 
process in the policy effectiveness database. 

[0162] All registered parties are automatically e-mailed 
the policy compliance violation report, all correspondence 
related to the report and the appointment date. Block 508 the 
report information is distributed. Copies of the policy compli- 
ance violation report are automatically sent to policy effec- 
tiveness, e-mailed to policy officer, surface mailed to the 
network user, e-mailed to the network, and surface mail 
copy printed and sent to the network user. The surface mail 
and e-mail reports are form letters that may include an 
Internet address to help inform the network user about the 
policy compliance violation reporting process. Policy com- 
pliance and reporting 115 tracks and monitors the status of 
the complaint by monitoring the scheduling module and 
tracking where the report is in the system. Block 612 
represents the policy compliance and reporting 115 distrib- 
uting the policy compliance violation report information. 

[0163] Printed copies of the policy compliance violation 
report, correspondence, and related documents have a water- 
mark printed in the header of the print out of the policy 
compliance violation report with the words "corporate 
record" printed on the top corner of the document. The 
printout may include the date the document was created, 
who created the document, the version number of the report 
and the file path. This is used to insure the authenticity of the 
policy compliance violation report. 

[0164] Subsequent Action Report 

[0165] FIG. 7 is a block diagram further illustrating the 
steps performed by the policy compliance and reporting 
module 115 according to an embodiment of this invention in 
generating a subsequent action report. FIG. 44 is an exem- 
plary screen display illustrating a Subsequent Action Report 
according to an embodiment of the invention. Block 700 
represents the policy compliance and reporting module 115 
receiving a message from the schedule module to begin 
subsequent action procedures. The policy officer, the system 
administrator and the network user are automatically 
reminded via email of the requirement to individually file 
subsequent meeting reports with the system. Block 702 
represents the policy compliance and reporting module 115 
distributing notices via email. The policy officer, system 
administrator and the network user are required to present 
login and password/token information to file subsequent 
action reports with the system and to verify a policy com- 
pliance violation meeting occurred. 

[0166] The network user is also asked to sign an agree- 
ment indicating he attended the policy enforcement meeting 
and reviewed the policies of the organization. The system 
administrator and policy officer are asked to confirm and 
document that the meeting took place. All parties com- 
plete the forms. Block 704 represents the policy compliance 
and reporting module 115 retrieving subsequent action 
reports from the parties. The system stores the documents in 
the policy effectiveness database. 

[0167] The system administrator is prompted by the sys- 
tem to confirm in the subsequent action report form. The 
subsequent action form indicates if the network user policy 
compliance violation claim is still under investigation, pend- 
ing or is closed. 

[0168] Block 706 represents the policy compliance and 
reporting module 115 storing information related to the 
subsequent action reports. The policy compliance and 
reporting module 115 monitors the status of all network user 
compliance violations to insure that violation reports are 
properly reported and managed. 

[0169] The Appeal Process 

[0170] FIG. 8 is a block diagram illustrating the appeal 
process performed by a policy compliance and reporting 
module according to an embodiment of this invention. FIG. 
45 is an exemplary screen display illustrating The Appeal 
Process according to an embodiment of the invention. After 
filing the subsequent action report, the system gives the 
network user the opportunity to respond to appeal the 
network compliance violation. Block 800 represents the 
policy compliance and reporting module 115 prompting 
network user with the appeal option. Block 802 represents 
the policy compliance and reporting module 115 receiving a 
signal to begin appeal process. The network user is given the 
option of choosing an appeal facilitator from the organiza- 
tion. Appeal facilitators are employees of the organization 
randomly chosen by the system to act as a facilitator for the 
appeal process. The policy compliance and reporting mod- 
ule 115 reviews network user profiles and chooses the 
network users with the lowest network user policy compli- 
ance violation records to be facilitator candidates. Block 804 
represents the policy compliance and reporting module 115 
retrieving appeal facilitator information from the policy 
compliance and reporting database. The user chooses the 
facilitator from the Appeal screen. The system records the 
process and automatically sends an email to the facilitator. 
Block 806 represents the policy compliance and reporting 
module 115 recording the facilitator. Block 808 represents 
the policy compliance and reporting module 115 assigning a 
password to the facilitator. Block 810 represents the policy 
compliance and reporting module 115 sending an email to 
the facilitator. The e-mail explains the appeals process to the 
facilitator and provides the facilitator with the passwords 
needed to access the network user policy compliance 
violator's file. The facilitator has read-only access to the 
network user compliance violation reports. The facilitator is 
automatically copied on all appeal process communications. 
The system records this activity and stores it in the policy 
effectiveness database. 

[0171] Next, the internal officers are automatically 
prompted and sent a notice to schedule the appeal meeting 
with the new facilitator, the network user, the system admin- 
istrator and the policy officer. Block 812 represents the 
policy compliance and reporting module 115 prompting 
users to schedule an appeal meeting. The process is reported 
to, stored, and tracked in the policy effectiveness module. 
Block 814 represents the policy compliance and reporting 
module 115 recording the process. The appeal 
report is automatically sent to internal policy officers. The 
network user is automatically sent information to inform 
him of his procedural rights. The appeal report is automati- 
cally sent to the policy effectiveness module, the policy 
officer and the network user, and a surface mail is sent to the 
policy officer and the violator. Block 816 represents the 
policy compliance and reporting module 115 distributing 
appeal information to all parties. 

[0172] The facilitator logs into the system and reviews all 
of the documents regarding the policy violation. The facili- 
tator, the policy officer and the suspected violator meet to 
listen to the violator's appeal. The facilitator and the policy 
officer are required to present login and password/token 
information to file appeal reports and to verify an appeal 
meeting occurred. Block 818 represents the policy compli- 
ance and reporting module 115 retrieving appeal report 
forms from policy compliance and reporting database. The 
appeal reports are comprised of several fields. The facilitator 
and the policy officer are required to complete the online 
reports. The policy effectiveness analyzes the appeal reports 
to determine the final decision. Block 820 represents the 
policy compliance and reporting module 115 analyzing the 
appeal reports. An email is sent to all parties with the final 
decision file attached. Block 822 represents the policy 
compliance and reporting module 115 distributing the final 
appeal decision. Block 824 represents the policy compliance 
and reporting module 115 transferring the appeal informa- 
tion to the policy effectiveness module 120. 

Policy Effectiveness 120 

[0173] The policy effectiveness module 120 electronically 
collects, records, analyzes and stores information from 
policy compliance monitoring, analyzes policy compliance 
and reporting, evaluates network policy compliance actions 
undertaken in response to the network security policy vio- 
lations and electronically implements a different network 
security policy selected from network security policies 
stored in a policy database. 

[0174] The policy effectiveness module 120 analyzes 
information collected from the policy compliance and 
reporting 115 to determine if network user compliance 
policies are effective. FIG. 46 is an exemplary screen 
display illustrating policy effectiveness reports according to 
an embodiment of the invention. FIG. 47 is an exemplary 
screen display illustrating policy effectiveness reports 
according to an embodiment of the invention. If a policy is 
determined to be ineffective, a new policy may need to be 
implemented. 

[0175] The policy effectiveness module 120 monitors the 
policy compliance actions taken over a period of time. At the 
time the system is implemented, the system administrator 
may set the system to measure network compliance actions 
that have been undertaken on a monthly, quarterly, annual, 
historic (e.g., year-to-date) basis. After the monitoring time 
period has been recorded in the system, the system admin- 
istrator may record the number of network policy compli- 
ance actions, per network compliance policy, considered 
acceptable during said period of time. 

[0176] The policy effectiveness module 120 analyzes the 
policy compliance actions stored in the policy compliance 
and reporting module 115. Each policy is assigned a value 
representing a target baseline compliance level for network 
policy compliance ("network policy compliance"). In the 
preferred embodiment, the numeric value assigned to each 
monitored policy is 95, representing that for each policy 
95% user compliance is required. The level of user compli- 
ance for a group of network users with respect to a particular 
policy is monitored. The network user compliance activity 
for a group has a numeric value the system monitors 
representing the degree of group user policy compliance 
("group user policy compliance"). The network compliance 
value is monitored in relation to the user compliance value 
stored in the network security policy database 506. 

[0177] FIG. 9 is a block diagram further illustrating a 
policy effectiveness system according to an embodiment of 
this invention. 

[0178] Block 900 represents the policy effectiveness mod- 
ule 120 determining network policy compliance. Block 910 
represents the policy effectiveness module 120 determining 
group user compliance. Block 920 is a decision block 
representing the policy effectiveness module 120 analyzing 
the network policy compliance value in relation to the group 
user compliance policy value. If the group user policy 
compliance value is greater than or equal to the network 
policy compliance value, then block 940 represents the 
policy effectiveness module 120 recording that the network 
is in compliance with respect to a policy. Otherwise, if the 
network policy compliance value is greater than the group 
user policy compliance value, the policy effectiveness mod- 
ule 120 measures the difference between the network policy 
compliance value and the group user policy compliance 
value and may undertake a network compliance action in 
response to that difference. 

[0179] Each compliance action in the group is assigned a 
value related to a numeric value that may be reported from 
monitoring network user compliance. The numeric value 
assigned is based on the severity of the network policy 
compliance violation, i.e. the difference between the net- 
work policy compliance value and the group user policy 
compliance value. Upon recording the difference between 
the network policy compliance value and the group user 
policy compliance value, the policy effectiveness module 
120 records this information in the network security policy 
database 130 and begins undertaking the appropriate net- 
work compliance action. This action may include electroni- 
cally implementing a different network security policy 
selected from network security policies stored in the data- 
base, generating policy effectiveness reports, and providing 
a retraining module to network users. 

[0180] For example, the system administrator may have 
indicated that the password policy cannot have more than 5 
network compliance actions occur per month. If the number of 
network compliance actions is greater than 5 actions per month, the 
system sends a message to retrieve a different policy from 
the database 130. The policy is selected based on indexing 
criteria and on the difference between the group user policy 
compliance and the network policy compliance values. Each 
policy has several actions ranging from lenient to restrictive. 
The policy effectiveness module 120 reviews the informa- 
tion collected by policy effectiveness to determine which 
policy to modify and the action to take. The policy effec- 
tiveness module 120 records the policy change and sends an 
email message to the system administrator to confirm the 
policy changing process. FIG. 48 is an exemplary screen 
display illustrating a policy effectiveness action according to 
an embodiment of the invention. An enterprise wide email is 
also sent to all network users to alert them to the change in 
policy. 
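
The effectiveness check described above (count the compliance actions per policy per month, compare with the administrator's acceptable number, then pick a different policy according to the compliance difference) is shown below as an added Python example that is not part of the application. The variant names, the step size of 5 points per variant and the action log are constructed assumptions; the text specifies only that policies range from lenient to restrictive and that selection depends on the difference.

```python
from collections import Counter
from datetime import date
from math import ceil

NETWORK_BASELINE = 95  # network policy compliance value from the text

# ASSUMPTION: every 5 points of difference between the baseline and the group
# value moves the selection one variant further toward "restrictive".
STEP = 5

# Administrator-set acceptable number of actions per month (the text's
# password policy example: no more than 5 per month).
ACCEPTABLE_PER_MONTH = {"password": 5}

# Hypothetical policy variants stored in the database, lenient -> restrictive.
POLICY_VARIANTS = {
    "password": ("password-lenient", "password-standard", "password-restrictive"),
}

# Constructed log of network compliance actions: (date, policy).
ACTION_LOG = (
    [(date(2005, 1, d), "password") for d in (3, 4, 10, 11, 18, 25)]  # 6 in Jan
    + [(date(2005, 2, d), "password") for d in (1, 8, 15)]            # 3 in Feb
    + [(date(2005, 1, d), "personal-email") for d in (5, 6)]          # no limit set
)


def actions_per_month(log):
    """Count compliance actions per (policy, year, month)."""
    counts = Counter()
    for day, policy in log:
        counts[(policy, day.year, day.month)] += 1
    return counts


def over_limit(log, acceptable):
    """Return (policy, year, month, count) where the count exceeds the limit."""
    return sorted(
        (policy, year, month, n)
        for (policy, year, month), n in actions_per_month(log).items()
        if policy in acceptable and n > acceptable[policy]
    )


def select_replacement(policy, current, group_value,
                       baseline=NETWORK_BASELINE, variants=POLICY_VARIANTS):
    """Pick a stricter variant; a larger difference moves further up the list."""
    ladder = variants[policy]
    difference = baseline - group_value
    steps = max(1, ceil(difference / STEP))  # always move at least one step
    return ladder[min(ladder.index(current) + steps, len(ladder) - 1)]


def review(log, acceptable, current, group_values):
    """Return the policy changes to record and confirm with the administrator."""
    active = dict(current)  # do not mutate the caller's mapping
    changes = []
    for policy, year, month, count in over_limit(log, acceptable):
        new = select_replacement(policy, active[policy], group_values[policy])
        if new != active[policy]:
            changes.append({"policy": policy, "period": (year, month),
                            "count": count, "from": active[policy], "to": new})
            active[policy] = new
    return changes


if __name__ == "__main__":
    for change in review(ACTION_LOG, ACCEPTABLE_PER_MONTH,
                         {"password": "password-lenient"}, {"password": 93}):
        print(change)
```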

Policy Resources 145 

[0181] The policy effectiveness system 100 includes a 
policy resources 145 database and software resources data- 
base to help users and administrators maintain policy com- 
pliance. FIG. 49 is an exemplary screen display illustrating 
policy resources according to an embodiment of the inven- 
tion. Materials included in the policy resources database 145 
include a policy reference library, legal research, a policy 
manual, and a self-serve policy section. The policy refer- 
ence library has a search engine to help the user quickly 
search and find policy information. Users can contact sup- 
port personnel either by email, page, telephony, fax, or 
telephone. It is important that users have immediate access 
to a support person, since major policy violations may 
require organizations to act quickly in order to protect their 
network from damage. Internal legal and policy personnel 
can access legal statutes and other related policy documen- 
tation relating to email and virtual policies in the workplace. 
The policy manual is presented to users such that they will 
be able to read and review the policy manual periodically. 
Users are periodically required to sign an online form 
indicating he or she has read the policies, and any policy 
revisions, and understands all of the policies. Annual updated 
information will be highlighted for fast review. The policy 
effectiveness system 100 tracks users' visits to the policy. The 
self-serve policy section allows the policy officer to revise 
the policy. The policy officer is prompted to access a policy 
database and is instructed to download a new policy when 
the system has determined that a policy is ineffective and 
users are consistently out of compliance with the current 
policy. The new policy(s) are automatically added to the 
policy effectiveness system and the organization's policy 
manual. 

[0182] Software resources include software listings and 
updates, guidelines for proper use including email etiquette, 
and netiquette training, Internet information and personal 
safety training, optional registration of an encryption private 
or public key with the system, a listing of the organization's 
approved and licensed software, software downloading 
guidelines and approved procedures, tech support for user's 
questions, registering newly downloaded software to the 
system, management approved trialware, shareware and 
others for review by the organization, operations and support 
information, regulation, policy, and Freedom of Information 
Act materials, information explaining how the system works 
including product support and services, telephony, text- 
based support, and in-house support options, a simple do & 
don't security module for non technical activity, and online 
safety information. 

[0183] Security, System Backup, and Recovery Processes 

[0184] Users must present a password and hardware token 
to access the policy effectiveness system 100. Most organi- 
zations concentrate their security resources on securing the 
perimeter of their network. Unfortunately, the greatest threat 
to an organization is its employees, who, with network 
access can cause greater damage than an external intruder. 

[0185] The policy effectiveness system 100 employs an 
electronic tag to monitor document level access, security 
and to track information on a per document basis. This 
creates the opportunity to prove document authenticity, to 
track the copies and revisions of a document, and to monitor 
and report document access and disclosures. 

[0186] System Backup and Recovery 

[0187] The policy effectiveness system 100 has an online 
backup feature. This feature offers full redundancy, without 
the expense of off-site storage, and limits the process of 
physically cataloging and indexing backup tapes. Cataloging 
and indexing backups is automatically completed by the 
system. Backman is an existing software that does this. 

[0188] Software Compliance 

[0189] Most large organizations are not cognizant of the 
type of software licenses they have, which workstation 
and/or server has which software, who is using what soft- 
ware, and whether or not the organization is in compliance 
with their software licensing agreements. Users can easily 
download freeware, shareware, trialware, and permware 
software from the Internet. All software is distributed with 
compliance conditions or restrictions of its use, even if it is 
identified as freeware, shareware and trialware, or is copy- 
righted but freely distributed. 

[0190] To effectively monitor an organization's software 
compliance, periodic network audits are needed to identify 
deviations in the software inventory, and to reconcile soft- 
ware license agreements with software and hardware inven- 
tories. Products that monitor software licenses are known in 
the art, for example the FlexIM software by Globetrotter. 

[0191] Each user is registered in the user profile database 
150. The user profile database 150 includes a user's hard- 
ware and software inventory information, as well as the 
user's name, user's email address, user's surface mail 
address, employment status (e.g., temp, contract, virtual), 
title, department, organizational chart indicating who the 
user reports to, the direct reports, his assistant, and mail 
station address. It also may indicate the software present on 
a user's workstation and the user's system access and 
security status. 

[0192] The user profile database 150 also retains copies of
any Employment Agreements and other employment-related 
contracts, maintains a record of the users' policy training 
and exam status, policy compliance history, network activ- 
ity, and any special network access or privileges such as 
using the network for charitable use. Additionally, the user 
profiles 150 may also monitor software downloads from the 
network, or Internet, to hardware through network activity 
reports and network audits, including any software approved 
for use by management and other special approvals. Addi- 
tional user information can be monitored and collected to 
assist the organization's reporting needs. 

[0193] The policy effectiveness system 100 includes an
object library/object level licensing system similar to
FlexIM by Globetrotter.

[0194] The policy compliance monitor 110 features
dynamic updating and exchanging of software licensing
agreements. The compliance monitor 110 reviews all soft-
ware license agreements and maintains records of the vendor
information. The compliance monitor 110 sends a notifica-
tion to the system administrator indicating that a software
license is about to expire. The system administrator is
prompted to send an email to the licensing organization to
update the license agreement. Once the updated license
agreement is received via email, the system automatically
updates the software license registered and stored in the
compliance monitor 110.
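
The audit described in [0190] and the expiry notice described in [0194] can be sketched as follows. This is an added example, not part of the application text or of any product it names; the record layouts, finding labels, the 30-day warning window and all sample data are assumptions constructed for illustration.

```python
from datetime import date

# Constructed license records, as a compliance monitor might store them.
LICENSES = {
    "cad-suite": {"seats": 2, "expires": date(2005, 2, 1)},
    "office-pack": {"seats": 3, "expires": date(2006, 1, 1)},
    "old-editor": {"seats": 1, "expires": date(2004, 12, 31)},
}
# Constructed network-audit result: (workstation, installed software) pairs.
INVENTORY = [
    ("ws-01", "cad-suite"), ("ws-02", "cad-suite"), ("ws-03", "cad-suite"),
    ("ws-01", "office-pack"), ("ws-02", "trial-game"), ("ws-04", "old-editor"),
    ("ws-04", "old-editor"),  # duplicate row from a repeated scan
]

def reconcile(licenses, inventory, today, warn_days=30):
    """Return findings where the audited inventory deviates from license records."""
    hosts = {}
    for host, sw in sorted(set(inventory)):  # set() drops repeated audit rows
        hosts.setdefault(sw, []).append(host)
    findings = []
    for sw in sorted(hosts):
        lic = licenses.get(sw)
        if lic is None:  # installed, but no agreement on record
            findings.append(("UNLICENSED", sw, hosts[sw]))
            continue
        extra = len(hosts[sw]) - lic["seats"]
        if extra > 0:  # more installations than licensed seats
            findings.append(("OVER_DEPLOYED", sw, extra))
        if lic["expires"] < today:  # still installed after the license lapsed
            findings.append(("EXPIRED_IN_USE", sw, hosts[sw]))
    for sw, lic in sorted(licenses.items()):
        days_left = (lic["expires"] - today).days
        if 0 <= days_left <= warn_days:  # notice for the system administrator
            findings.append(("EXPIRING", sw, days_left))
    return findings

if __name__ == "__main__":
    for finding in reconcile(LICENSES, INVENTORY, today=date(2005, 1, 13)):
        print(finding)
```

Each finding names the software and either the affected workstations, the number of excess installations, or the days remaining, which is the information an administrator needs to act on the notice.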

[0195] The policy effectiveness module 120 monitors and
tracks network activity including all hardware and software
in the policy effectiveness system 100. This module can
generate reports to track an organization's user access
including failed login attempts and all attempts to launch
privileged applications, any changes to system configuration
parameters, software downloads from the Internet, software
and hardware usage, location of software, location of soft-
ware license agreements, type of software agreements, coor-
dination of software license agreements with software uti-
lization, statistical and graphical information regarding
justification for software purchases, upgrades and mainte-
nance expense, software installations, software compliance,
appropriateness, inappropriateness and excessive use of
software and hardware resources throughout the enterprise,
the number of people waiting for access to software appli-
cations, access time, value of software being used at any
time, the need for upgrades, the need for training, projec-
tions for hardware, software and licensing costs/usage
throughout the enterprise, hardware demand predictions,
recommended re-route of software and hardware, personally
installed or permitted software installation, need to stream-
line and more effectively use underutilized system
resources, overutilization of system resources, potential
policy infringements, system trends per department use, and
the allocation of related costs to each department.

[0196] Software Applications Archive 

[0197] The system records the storage location of all the 
software applications, software manuals, and software ven- 
dor information used by the organization to create docu- 
ments. In the event that records or documents, written in 
older versions of software, must be produced, the software 
will be preserved and available for use. 

[0198] The foregoing description of the exemplary
embodiments of the invention has been presented for the
purposes of illustration and description. It is not intended to
be exhaustive or to limit the invention to the precise form
disclosed. Many modifications and variations are possible in
light of the above teaching. It is intended that the scope of
the invention be limited not with this detailed description,
but rather by the claims appended hereto.

1. A method for dynamically assisting a system adminis- 
trator of a computer network in upgrading compliance 
policy based on behavior of system users, the method 
comprising the steps of: 

storing in a database a plurality of compliance policy
options;

developing an initial compliance policy option potentially 
applicable to network users; 

automatically evaluating over time the appropriateness of
the initial compliance policy option based on the poten-
tially evolving compliance history of users;

automatically compiling and providing to the system 
administrator over time a dynamic knowledge base 
comprising automated network user policy compliance 
violation documentation; 

automatically determining from the knowledge base 
policy compliance violation documentation that the 
initial compliance policy option is ineffective;

automatically selecting from the database and recom-
mending to the system administrator an alternate com-
pliance policy option; and

automatically requesting that the system administrator 
confirm the change to the alternate compliance policy 
option 

whereby compliance policy options are dynamically 
altered and provided to the system administrator in 
order to eliminate ineffective compliance policy 
options.

2-12. cancel. 